What is the advantage of AEAD ciphers? Why is the TLS working group pushing for them? I thought modern cipher suites require SHA256 for authentication. What advantage is there to including Poly1305?
...

When I go to this site, Chrome Version 44.0.2403.89 is connecting to the server with TLS_RSA_WITH_AES_128_CBC_SHA (0x2f), and it states that this is an "obsolete cipher suite".
For what reason is it ...

I am new to Network Security and learning about various security features like Diffie-Hellman and others.
I understand that the Public key sent by the server to the client needs to be certified that it ...

The MAC size is reduced to 80 bits in the truncated_hmac extension, which says "forging of MAC values cannot be done off-line: in TLS, a single failed MAC guess will cause the immediate termination of ...

I know how standard HMAC(key,msg) function works, and I want to write a Delphi port of HMAC class that implements Update function. The problem is that I don't understand how this Update function works ...

I was looking at the certificate of this website: https://www.cloudflare.com that has an ECC-based certification.
I'm just curious to know if it is possible to understand which elliptic curve is used and ...

I'm quite new to the topic and read a bit about poodle and padding oracle.
I quite understand the "regular" padding oracle attack, substituting the last byte of block(n-1) to determine the last byte ...

Encrypt-then-Authenticate (EtA) seems to generally be considered the better option, compared to Authenticate-then-Encrypt (AtE) (see this Crypto.SE question, for example). The people writing the RFC ...

I have a client connecting to a server over HTTPS to send and retrieve data.
The client always connects through HTTPS
The certificate is known to the client beforehand (hard coded into the software)
The ...

In the case of using SSL, the certificate server has a primary key and a public key that is published to all clients - as far as I understood. So in this case when a message is encrypted by the public key (on ...

Can somebody please explain to me how sLHAE works in TLS? I met this term in some TLS papers and struggled to understand how it works, specifically the "length-hiding" part. As to my understanding ...

If the server is sending its digital signature, in which message / where is the digital signature provided to the client?
Is it after the server_hello message because there the public key of the ...

TLS_DHE_DSS_AES256_CBC_MAC / TLS_DHE_RSA_AES256_CBC_MAC
Hi, I have been studying to learn about various cipher suites and their performances. I gathered that DSS is efficient when compared with RSA. ...

While working with encryption, mostly the ciphertext is always larger than the plaintext, so why isn't that the case when downloading a file using HTTPS? Even though compression isn't much used anymore because if ...

My question is related to another question in Cryptography about TLS 1.1 and 1.2. I have read both RFC 2246 The TLS Protocol Version 1.0 and RFC 4346 The TLS Protocol Version 1.1. What I know is that ...

As far as I know these are the well-known protocols that offer PFS:
TLS/SSL (with DHE-RSA, DHE-DSS, ECDHE-RSA or ECDHE-ECDSA)
SSH (RFC4253)
OTR (Protocol Version 3 Spec)
IPsec (with IKEv1 and IKEv2) ...

I'm trying to understand the SSL Poodle Attack and I'm wondering why the last block of a CBC Record can be full of padding? Wouldn't that mean that the useful data was already a multiple of the key ...

I understand that BEAST is a CPA using JavaScript injected into the browser's webpage. Apparently the thing that BEAST exploits is the fact that the IVs are predictable. What I'm confused about is why ...

This seems like quite a dumb question, but I really don't know if I'm finding an answer anywhere. I understand that if I access a website that is secured with TLS, we exchange ciphersuites and so on, ...

General consensus is that DH_anon (and ECDH_anon) ciphersuites should be disabled since they offer no way to verify if the server is the one you intend to communicate with. However, I have never run ...

After reading through https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-0, I could understand that this option is recommended for use when one has legacy SSL servers which only support SSLv3.
...